Details

Description

By default, adding any custom principal objects to the subject is overly difficult, and the implementation of it either reduces the benefit of having Shiro handle authentication, or required duplicate calls to the data store for authentication credentials.

By default, I think Realms should be extended so that any additional information about the user that is returned from the autentication query (JdbcRealm, Active Directory, etc...) that is not part of the credentials matching process, should be auto-appended to the subject principals collection.

This would allow developers to add items to the principals for a user simply by controlling what data points came back from the data store call.

In the case of a JdbcRealm, this would be as simple as adding fields to the return type on the authenticationQuery. They could be mapped to the principal using Strings if we needed simplicity (but more accurate type mappings would be nice), making them immediately accessible without having to implement the custom logic to extend or override doGetAuthenticationInfo. Simply map them as a key value pair using the column name from the query as the key, and then the value.

Same could be done for all other default realms (ActiveDirectory would be a big one).